Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/24822b-6184-46a0-bcc5-8f29f3d98214/1/MHWCq63I8hlFPPtec-vETEinwy8.roa
File:                     MHWCq63I8hlFPPtec-vETEinwy8.roa (raw, json)
Hash identifier:          Hzlfzv0IWs+PTDQsMOVtbiIKga1pdMmEF/yFls1YABI=
Subject key identifier:   30:75:82:AB:AD:C8:F2:19:45:3C:FB:5E:73:EB:C4:4C:48:A7:C3:2F
Certificate issuer:       /CN=10515090f850e337eb3b118a157e4e39083b77a6
Certificate serial:       018CCA2A5FEA2817E893C84D7B052690520E
Authority key identifier: 10:51:50:90:F8:50:E3:37:EB:3B:11:8A:15:7E:4E:39:08:3B:77:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFFQkPhQ4zfrOxGKFX5OOQg7d6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/24822b-6184-46a0-bcc5-8f29f3d98214/1/MHWCq63I8hlFPPtec-vETEinwy8.roa
Signing time:             Tue 02 Jan 2024 12:33:43 +0000
ROA not before:           Tue 02 Jan 2024 12:33:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39260
IP address blocks:        195.238.88.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/24822b-6184-46a0-bcc5-8f29f3d98214/1/EFFQkPhQ4zfrOxGKFX5OOQg7d6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/24822b-6184-46a0-bcc5-8f29f3d98214/1/EFFQkPhQ4zfrOxGKFX5OOQg7d6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFFQkPhQ4zfrOxGKFX5OOQg7d6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:5f:ea:28:17:e8:93:c8:4d:7b:05:26:90:52:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10515090f850e337eb3b118a157e4e39083b77a6
        Validity
            Not Before: Jan  2 12:33:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=307582abadc8f219453cfb5e73ebc44c48a7c32f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c6:08:69:df:ab:ba:e6:90:75:7b:23:09:f8:
                    e3:d6:4f:99:7b:f8:b9:85:3a:57:e6:db:f7:23:e7:
                    f7:1b:23:19:92:3e:b7:ab:f2:69:1c:63:82:9c:28:
                    66:e3:55:3f:cd:26:0b:97:cd:e5:52:03:04:43:0c:
                    88:90:52:14:99:17:9f:aa:53:dd:57:66:a3:fc:c9:
                    0c:a7:e8:c9:fb:c3:90:02:3d:19:f9:16:8a:37:c5:
                    04:dd:7a:44:2c:1c:2d:16:e1:b6:d1:fe:86:80:d7:
                    e9:3c:5a:35:5a:df:d4:aa:0b:01:6a:77:39:ea:d0:
                    c7:e0:14:8a:98:17:90:47:72:84:9e:dc:31:b5:3a:
                    cb:58:16:42:81:0f:c7:9a:7b:56:cf:96:36:7e:c4:
                    fb:e6:0a:4e:52:a3:9d:68:39:89:c8:d4:dc:b5:a1:
                    44:5c:63:5b:85:33:a5:cf:94:f7:27:20:87:8c:7f:
                    93:82:11:38:63:2f:bc:b3:3d:4c:cb:e8:57:2e:0b:
                    ce:f2:b7:74:eb:50:a1:f4:23:ee:f8:4a:02:1c:88:
                    fe:e7:d2:9f:c9:e9:07:d1:b4:39:7d:d8:23:87:19:
                    f7:cc:ca:ea:9c:97:ec:a2:88:2c:4b:06:f2:96:0b:
                    5a:ad:da:6f:d6:de:84:dc:64:e0:64:67:3b:80:1c:
                    b7:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:75:82:AB:AD:C8:F2:19:45:3C:FB:5E:73:EB:C4:4C:48:A7:C3:2F
            X509v3 Authority Key Identifier:
                keyid:10:51:50:90:F8:50:E3:37:EB:3B:11:8A:15:7E:4E:39:08:3B:77:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFFQkPhQ4zfrOxGKFX5OOQg7d6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/24822b-6184-46a0-bcc5-8f29f3d98214/1/MHWCq63I8hlFPPtec-vETEinwy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/24822b-6184-46a0-bcc5-8f29f3d98214/1/EFFQkPhQ4zfrOxGKFX5OOQg7d6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:5e:38:9a:04:41:1e:1a:5a:bf:e9:08:7e:e4:94:90:3c:9f:
         34:c4:73:32:64:14:01:ec:2c:3d:f3:19:d7:a1:1b:48:6f:96:
         d2:95:53:e6:d3:78:e8:48:15:e8:5f:c2:b4:87:ae:c5:8f:05:
         2a:64:d9:2e:3f:49:1c:a4:5f:d9:8a:74:06:9b:98:c9:24:83:
         06:c9:6c:8c:3b:a1:98:fa:a4:9f:5a:04:5a:81:ee:81:f1:e7:
         96:93:6f:3f:d1:db:3b:39:f4:c0:26:70:ad:94:19:2f:11:65:
         50:06:e0:21:c7:5f:bc:6d:ec:f0:12:64:3a:cd:d3:90:bb:00:
         be:7c:73:00:fc:07:0c:df:21:92:79:e8:23:25:41:d7:09:c5:
         80:eb:76:37:33:38:9d:6c:58:b3:3a:3c:e2:d2:57:3a:42:c8:
         0d:49:d3:de:25:7c:a7:88:4d:9a:b4:55:5e:e8:a3:3b:7e:e7:
         ab:7f:4e:b1:22:27:c9:d1:68:73:ee:5d:f9:84:5c:00:24:12:
         b3:7d:e1:be:80:02:40:21:5f:e7:43:4a:b2:88:6c:06:94:73:
         d8:ec:e2:45:51:9b:0c:cc:cd:da:dd:3e:38:0c:e0:44:a4:03:
         82:40:10:da:b8:0d:66:41:7a:82:ed:bb:c0:a3:ec:ff:de:2a:
         b6:7c:be:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKl/qKBfok8hNewUmkFIOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTE1MDkwZjg1MGUzMzdlYjNiMTE4YTE1N2U0ZTM5MDgz
Yjc3YTYwHhcNMjQwMTAyMTIzMzQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDc1ODJhYmFkYzhmMjE5NDUzY2ZiNWU3M2ViYzQ0YzQ4YTdjMzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucYIad+ruuaQdXsjCfjj1k+Ze/i5
hTpX5tv3I+f3GyMZkj63q/JpHGOCnChm41U/zSYLl83lUgMEQwyIkFIUmRefqlPd
V2aj/MkMp+jJ+8OQAj0Z+RaKN8UE3XpELBwtFuG20f6GgNfpPFo1Wt/UqgsBanc5
6tDH4BSKmBeQR3KEntwxtTrLWBZCgQ/HmntWz5Y2fsT75gpOUqOdaDmJyNTctaFE
XGNbhTOlz5T3JyCHjH+TghE4Yy+8sz1My+hXLgvO8rd061Ch9CPu+EoCHIj+59Kf
yekH0bQ5fdgjhxn3zMrqnJfsoogsSwbylgtardpv1t6E3GTgZGc7gBy3MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDB1gqutyPIZRTz7XnPrxExIp8MvMB8GA1UdIwQY
MBaAFBBRUJD4UOM36zsRihV+TjkIO3emMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZGUWtQaFE0emZyT3hHS0ZYNU9PUWc3ZDZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNDgyMmItNjE4NC00NmEwLWJjYzUt
OGYyOWYzZDk4MjE0LzEvTUhXQ3E2M0k4aGxGUFB0ZWMtdkVURWlud3k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNDgyMmItNjE4NC00NmEwLWJjYzUtOGYyOWYzZDk4MjE0
LzEvRUZGUWtQaFE0emZyT3hHS0ZYNU9PUWc3ZDZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw+5YMA0G
CSqGSIb3DQEBCwUAA4IBAQCOXjiaBEEeGlq/6Qh+5JSQPJ80xHMyZBQB7Cw98xnX
oRtIb5bSlVPm03joSBXoX8K0h67FjwUqZNkuP0kcpF/ZinQGm5jJJIMGyWyMO6GY
+qSfWgRage6B8eeWk28/0ds7OfTAJnCtlBkvEWVQBuAhx1+8bezwEmQ6zdOQuwC+
fHMA/AcM3yGSeegjJUHXCcWA63Y3MzidbFizOjzi0lc6QsgNSdPeJXyniE2atFVe
6KM7fuerf06xIifJ0Whz7l35hFwAJBKzfeG+gAJAIV/nQ0qyiGwGlHPY7OJFUZsM
zM3a3T44DOBEpAOCQBDauA1mQXqC7bvAo+z/3iq2fL7Q
-----END CERTIFICATE-----